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@ Data processing system having public encryption and prhrate decryption keys. 

@ A data processing system that provides for the public en- 
cryption of software programs while simultaneously protecting 
against the public decryption and piracy of those programs Is 
comprised of a plurality of microprocessors; each micropro- 
cessor has a unique and publicly accessible encryption key for 
encrypting software programs in a unique fashion for that mi- 
croprocessor; each microprocessor further has a unique de- 
cryption key for decrypting programs that have been encrypt- 
ed with the microprocessor's unique encryption key; the de- 
cryption key in each microprocessor is imbedded therein in a 
fashion which makes the decryption key humanly impercepti- 
ble, and is of a type that is not detemiinable from the publicly 
accessible encryption key. 
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DATA PROCESSING SYSTEM HAVING 
PUBLIC ENCRYPTION AND PRIVATE DECRYPTION KEYS 

5 

BACKGROUND OF THE INVENTION 

This invention relates to data processing systems 
that protect against software piracy; and more particularly it 
relates to data processing systems that execute software 

10 programs which are encrypted • 

Generally, data processing systems execute software 
programs that are merely written in a standard language such 
as FORTRAN, ALGOL, or COBOL. And, since standard language 
programs can be executed on a wide range of computers, they 

15 also are subject to piracy. 

But software programs often are highly sophisticated 
and represent a large investment in time and money by a 
software vendor. Consequently, it is very desirable that some 
means be provided to adequately protect such investment from 

20 unscrupulous software pirates. 
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In the prior art, various data processing systems 
have been proposed which protect against software piracy. 
See, for example, the "magnetic watermark" system, the "hard 
node" system, and the "Johnstone" system as described at 
5 column 1, line 65 through column 2, line 33 of U.S. Patent 
4,278,837 by R. Best, issued July 14, 1981. But all of those 
systems have deficiencies that are overcome by the system 
which the Best patent teaches. 

Even so, the Best system also has its own serious 

10 deficiencies. For example, the owner of a microprocessor in 
the Best system is not able to write any of his own software. 
Also, the microprocessor owner cannot purchase any of his 
software from a third party software vendor. Instead, he must 
purchase all of his software from the microprocessor 

15 manufacturer. 

Such deficiencies occur in the Best system because 
the enciphering key for each microprocessor is secretly known 
by only by the microprocessor manufacturer. This secret 
encryption key is then used by the microprocessor manufacturer 

20 to encrypt and load programs into the computer before the 

computer is distributed to the computer purchaser. See column 
4, lines 57-69. 

But highly sophisticated and special purpose software 
programs often are available from only a single software 

25 vendor. Also, software programs may be available from both a 
microcomputer manufacturer and a third party vendor but at 
different prices. Further, a microprocessor owner may desxre 
to develop his own secret programs and not merely use someone 
else's software. 

30 Presumably, if the owner of a Be??t microprocew^sor 

wished to write some of his own software or purchase seme 
software from a third party vendor, the microprocessor 
manufacturer could make the appropriate key available to the 
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Goftware writer. However, special security precautions would 
have to be taken to ensure that the key is not stolen by a 
i^oftware pirate during transit from the microprocessor 
manufacturer to the software writer. For example, a key 
5 courier could be used; but that adds to the cost of the 
system. 

Special security precautions would also have to be 
taken to ensure that the intended recipient of the key did not 
make improper use of it. But that would be nearly impossible 

10 to achieve since in the Best system the enciphering key is 

identical to the deciphering key. See column 14, lines 22-55. 

In other words, the owner of the Best system who is 
given a cipher key for the purposes of writing some of his own 
software also would be given the inherent capability of 

15 deciphering encrypted software. Thus, he could decipher the 
software which was written by the microprocessor manufacturer 
and supplied with the microprocessor. Such deciphered software 
could then be distributed by the microprocessor owner as a 
software pirate. 

20 Accordingly, a primary object of the invention is to 

provide a data processing system that protects against 
software piracy in an improved fashion. 

Another object of the invention is to provide a data 
processing system in which the microprocessor manufacturer as 

25 well as the microprocessor owner and third party software 

vendors can write and encrypt programs for the microprocessor 
without the above-described software piracy problems. 

BRIEF SUMMARY OF THE INVENTION 
30 In one embodiment of the invention, these and other 

objectives are achieved by a data processing system that 
provides for the public encryption of software programs while 
simultaneously protecting against the public decryption and 
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piracy of said programs. This system is comprised of a 
plurality of microprocessors; each microprocessor of the 
plurality has a unique and publicly accessible encryption key 
for encrypting software programs in a unique fashion for each 
5 particular microprocessor; each microprocessor of the 

plurality further has a unique decryption key for decrypting 
software programs that have been encrypted with the 
microprocessor's unique encryption key; the decryption key in 
each microprocessor is imbedded therein in a fashion which 
^0 makes the decryption key humanly imperceptible ^ and is of a 
type that is not determinable for the publicly accessible 
encryption key. 

BRIEF DESCRIPTION OF THE DRAWINGS 
15 Various features and advantages of the invention are 

described in detail in the following Detailed Description in 
conjunction with the accompanying drawings wherein: 

Figure 1 illustrates one preferred embodiment of a 
data processing system that is constructed according to the 
20 invention; 

Figure 2 is a timing diagram illustrating the 
operation of a microprocessor in* Figure 1 system; and 

Figure 3 is a detailed logic diagram of a 
microprocessor in the Figure 1 system. 

25 

DETAILED DESCRIPTION OF THE INVENTION 

One preferred embodiment of the invention is 
illustrated in Figure 1. This embodiment includes a plurality 
t of microprocessors 10-1 through 10-i. Each of the 
30 microprocessors 10-1 through 10-i respectively, includes a 

unique and publicly accessible encryption key Kgi through Kei* 
Key Kgi is used to encrypt programs that are to be run on 
processor 10-1;...; and key K^i is used to encrypt programs 
that are to be run on microprocessor 10-i. 
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Each of the microprocessors 10-1 through 10-i also 
respectively includes a unique decryption key Kqi through K^i' 
Key Kdi is used to decrypt programs that have been encrypted 
via key Kei;...; and key Kpi is used to decrypt programs that 
5 have been encrypted via key Kgi^ 

Decryption keys Kqi through Koi are embedded into the 
respective microprocessors in a fashion which makes them 
humanly imperceptible. Preferably, each microprocessor is 
integrated on a single semiconductor chip? and the decryption 
10 key is also integrated as a part of that chip. Also, the 

decryption keys are of a type that are not determinable from 
the publicly accessible encryption keys. 

Preferably, each encryption key and corresponding 
decryption key respectively represent a unique pair of digits 
15 (e, n) and (d, n). Under such conditions, an encrypted 
program PE equals the unencrypted program P raised to the 
power e modulo n; and a decrypted program equals the encrypted 
program raised to the power d modulo n. Mathematically, this 
is expressed as: PE = P^mod n, and P = PE^^mod n. 
20 A particular value for n is obtained by randomly 

choosing two large prime numbers p and q; and setting n equal 
to the product p X q. Thereafter, a particular value for d is 
obtained by computing the product (p-l)X(q-l); and choosing d 
such that the greatest common denominator between d and the 
25 product (p-l)X{q-l) is I. Finally, a particular value for e 
is obtained by choosing e such that the product e X d is equal 
to 1 modulo {p-l)X(q-l). 

Each of the microprocessors 10-1 through 10-i further 
includes a first control memory CM*, a second control memory 
30 CM, a compute module 11, and a control module 12. Module 11 
performs mathematical operations in response to externally 
supplied instructions; control memory CM* stores instructions 
that direct module 11 to decrypt encrypted programs via the 



0121853 

microprocessor's encryption key; control memory CM stores the 
decrypted programs from module 11; and control module 12 
supplies instructions to module 11 from control memories CM* 
and CM during respective time intervals that are sequentially 
5 interleaved. 

One feature of the above-described data processing 
system is that various programs can be written for any 
microprocessor 10-1 through 10-i by the microprocessor 
manufacturer,- the microprocessor buyer, and a third party 

10 software vendor; and at the same time, the risk of software 
piracy is eliminated. This is evident from the following 
description of the bottom portion of Figure 1. 

In Figure 1, reference numeral 20 indicates the 
distribution of the microprocessors 10-1 through 10-i from the 

15 microprocessor manufacturer to the microprocessor owners. 

Also, reference numeral 21 indicates the distribution of one 
program from the microprocessor manufacturer to the 
microprocessor owners. Reference numeral 22 indicates the 
distribution of another program P2 from a third party software 

20 manufacturer to the microprocessor owners. And reference 

numerals 23 and 24 respectively indicate the distribution of 
other programs and Py from th^ microprocessor owners 
themselves. 

Before program Pj is distributed to the owner of 
25 microprocessor 10-1, the microprocessor manufacturer reads the 
unique but public encryption key Kgi of microprocessor 1 and 
encrypts program P^ via a generalized encryption method (GEM) 
which uses the unique encryption key. For example, the GEM 
can constitute raising the unencrypted program to the power e 
30 modulo n, with specific numerical values of e and n being 
specified by the unique encryption key. 

Thereafter, the encrypted program, which is indicated 
in Figure 1 as PxlGEMlKgi, is sent to the owner of 
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microprocessor 10-1 where it is stored in a memory 30. From 
memory 30, program Pi[GEM]Kei can be accessed by 
microprocessor 10-1 over an input/output (I/O) bus. 

Similarly, before program is distributed to the 
5 owner of microprocessor 10-i, the microprocessor manufacturer 
reads the unique and public encryption key Kgi and encrypts 
program Pi via the general encryption method and unique 
encryption key. The resulting encrypted program, which is 
indicated in Figure 1 as Pi[GEM]KEir is sent to the owner of 

10 microprocessor 10-i where it is stored in a memory 30-i and 
accessed by microprocessor 10-i over an I/O bus. 

If one of the encrypted programs Pi[GEM]Kei through 
Pl[GEM]KEi is intercepted during its distribution by a 
software pirate, such an event poses no problem since an 

15 encrypted program will run only on the particular 
microprocessor for which the program was intended. 

Further, the original unencrypted program Pi cannot 
be obtained from the encrypted program without the decryption 
key? and that decryption key is embedded in the microprocessor 

20 in a humanly imperceptible fashion and is not determinable 
from the publicly accessible encryption key. 

In addition, since the unencrypted version of program 
Pi is never available to the microprocessor owner but is 
always kept within the microprocessor, program Pi is also 

25 protected from piracy by the microprocessor owner. 

Distribution of program P2 from a third party 
software vendor proceeds in a similar fashion. Before program 
P2 is distributed to the owner of microprocessor 10-1, then 
the vendor of program P2 obtains the unique and public 

30 encryption key Kei and uses it in conjunction with the general 
encryption method to encrypt program P2» Thereafter, the 
resulting encrypted program P2[GEM]Kei is sent to the owner of 
microprocessor 10-1. 
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In like manner, program P2 is encrypted via the 
general encryption method and unique encryption key Kgi prior 
to sending that program to the owner of microprocessor 10-i. 
Consequently, nobody except the third party vendor of program 
P2 has access to an unencrypted copy of that program. 

Finally, if the owner of a microprocessor wishes to 
write a program that will run on his own microprocessor, he 
can do so by encrypting such program with the general 
encryption method and his own unique encryption key. For 
example, reference numeral 23 indicates a program Px written 
by the owner of microprocessor 10-1 that has been encrypted 
via the general encryption method and key Kei; and reference 
numeral 24 shows another program Py written by the owner of 
microprocessor 10-i that has been encrypted via the general 
encryption method and unique encryption key K^i. 

Preferably, memories 30-1 through 30-i which store 
the encrypted programs are substantially larger than control 
memory CM which stores the decrypted programs. For example, 
memories 30-1 through 30-i may include a magnetic tape or 
magnetic disk having a storage capacity of several million 
bytes; whereas control memory CM preferably is a semiconductor 
memory which occupies only a portion of a single semiconductor 
chip on which the microprocessor is integrated. 

Also preferably, the various programs P^, P2, Pxr and 
Py are partitioned into blocks prior to their encryption; and 
each block is separately encrypted. For example, in Figure 1, 
program P^ is illustrated in memory 30-1 as being partitioned 
into seven encrypted blocks which are indicated as PiE^-l 
through PiEi-7. Similarly, program P2 is illustrated as being 
partitioned into five encrypted blocks P2E1-I through P2E1-5; 
and program Px is illustrated as being partitioned into two 
encrypted blocks Px^i-l and Px^l^S. 
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To partition a program into blocks, that program 
along with the variable "n" in the public encryption key 
should be expressed in binary form. Then the number of bits 
in each program block must be made less than the number of 
5 bits in "n". 

With the above program partitioning, control memory 
CM operates as a cache which stores only a predetermined 
number of the unencrypted program blocks. Suitably, each 
program block contains 256 bits; and control memory CM has a 

IQ capacity to store four such blocks. A larger number of bits 
per block can be used to improve the degree of security; and a 
larger storage capacity in control memory CM can be used to 
improve the cache hit-miss ratio and thereby improve the speed 
at which the programs are executed. 

15 Figure 2 illustrates an example of the sequential 

fashion in which the various program portions are read from 
memory 30-1, decrypted within microprocessor 30-1, and 
executed within the microprocessor. In this example, time is 
plotted on a horizontal axis which is divided into a plurality 

20 of sequential time intervals Ati, ht2f**i etc. During each 
odd-numbered time interval, a particular program portion is 
read from memory 30-1, decrypted, within microprocessor 10-1 
^nd stored in memory CM; whereas during each even-numbered 
time interval, the decrypted program portions in control 

25 memory CM are executed within the microprocessor. 

In the example, during time interval Ati, 
microprocessor 10-1 reads the first module of encrypted 
program from memory 30-1. That program module is then 
decrypted by compute module 11 in response to commands in 

30 control memory CM* together with the unique decryption key 
K^i- This resulting decrypted program module, which is 
indicated in Figure 2 as Pj-l, is then stored in section A of 
control memory CM. 
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Thereafter, during time interval St2, control module 
12 fetches the decrypted instructions in section A of control 
memory CM and directs them to compute module 11. That process 
continues until a branch is taken to an instruction which lies 
5 outside of program 1 module 1. Such a branch initiates the 
next time interval 4t3, 

During time interval At2, the encrypted program 
module which v;as branched into is read and decrypted by 
microprocessor 10-1, and the resulting decrypted program 

10 module is stored in section B of control memory CM. In the 
illustrated example, module 4 of program Pj^ is decrypted and 
stored in section B of control memory CM. Again, this 
decryption occurs in compute module 11 under the direction of 
commands in control memory CM* and the decryption key Kd^. 

15 Subsequently, during time interval At4, control 

module 12 directs the decrypted instructions in sections A and 
B of control memory CM to the compute module. That process 
then continues until another branch is taken to another 
program module. Such a branch initiates the next time 

20 interval tt^. 

The above process of decrypting program modules as 
they are branched to continues during time intervals ^t^, At-j, 
At 9, etc. As an example. Figure 2 shows the third module of 
program P2 being decrypted during time interval At5, the first 

25 module of program Fx being decrypted during time interval Aty, 
and the third module of program P2 being decrypted during time 
inteirval Atg. Then, during the other time intervals Atg, ttQ, 
etc., the decrypted code is executed. 

After the four sections of control memory CM are 

30 filled up, each newly decrypted code module is written into 
control memory CM over the least recently decrypted code 
module. For example, during time interval Atg, the third 
TOdule of program 2 is written into section A of control 
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memory CM because that section of the control memory had not 
been written into since time interval Atj. 

One preferred embodiment for control module 12 and 
compute module 11 which perform the above-described operations 
5 is illustrated in Figure 3. This embodiment includes a 

program counter 12-1 which addresses instructions in control 
Eiemory CM* during the odd-numbered time intervals. Addresses 
in program counter 12-1 are formed by a branch logic module 
12-2? and they are indicated in Figure 3 as ADDR*« 

10 Also included in control module 12 is another program 

counter 12-3 which addresses instructions in control memory CM 
during the even-numbered time intervals* Addresses in program 
counter 12-3 are formed by a branch logic module 12-4; and 
they are indicated in Figure 3 as ADDR. 

15 Addresses ADDR are also coupled to a holding register 

12-5. At the end of each even-numbered time interval, the 
address in program counter 12-3 is stored in holding register 
12-5. Thereafter, during the odd-numbered time interval, 
program counter 12-5 addresses the section of control memory 

20 CM where the newly decrypted instructions are to be stored. 

Then at the start of the next even-numbered time interval, the 
address in holding register 12-5. is transferred back to 
program counter 12-5. 

Instructions from control memory CM* are indicated in 

25 Figure 3 as I*; and instructions from control memory CM are 

indicated as I. Instructions I and I* are received by a 2 X 1 
multiplexor 12-6; and a control circuit 12-7 directs 
multiplexor 12-6 to pass either the instructions I or the 
instructions I* to a control store data register 12-8. Each 

^0 instruction in control store data register 12-8 generates 

control signals on a plurality of conductors 12-9 which direct 
the operation of both control module 12 and compute module 11. 
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Compute module 11 includes a register file which is 
divided into two parts 11-1 and 11-2, File 11-1 is accessible 
only by instructions in control memory CM; whereas register 
file 11-2 is accessible only by instructions in control memory 
CM*. 

Module 11 also includes an arithmetic logic unit 

11- 3. That unit receives data from a pair of registers in the 
register files as selected by control signals on the 
conductors 12-9 r performs arithmetic operations on those 
operands in response to the control signals on conductors 

12- 9 f and generates the results on a bus 11-4. 

Bus 11-4 couples back to register files 11-1 and 

11- 2. It also couples to the branch logic modules 12-2 and 

12- 4 so that the arithmetic results can be tested by 
conditional branch instructions. It also couples to control 
memory CM as a data input which can be written into the 
control memory. And it also passes through a set of AND gates 

11- 5 to an input/output (I/O) module 11-6. 

In response to the control signals on conductors 

12- 9 r I/O module 11-6 sends data to and receives data from the 
previously described I/O bus. In particular, during the 
odd-numbered time intervals, module 11-6 receives encrypted 
program modules from memory 30-1. Those encrypted program 
modules are then sent to register file 11-2 whereupon they are 
decrypted. 

During the decryption process, program counter 12-1 
and branch logic 12-2 address the instructions I* in control 
memory CM*; those instructions I* are passed through 
multiplexor 12-6 to control store register 12-8; and the 
instructions I* in register 12-8 generate control signals on 
conductors 12-9 which direct arithmetic logic unit 11-3 to 
raise the encrypted instructions in register file 11-2 to the 
power d modulo n. 
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The arithmetic result of that operation equals the 
decrypted program module. Thus, that result is sent via bus 
11-4 to control memory CM where it is stored in response to a 
write signal (WR) on the conductors 12-9. A listing of one 
5 suitable set of the instructions I* for storage in memory CH^ 
to perform the above decrypting and storage operation is 
attached hereto as Appendix 1. Also, additional details ci. 
the underlying mathematics of the encryption-decryption method 
itself are described in a paper entitled, "A Method for 

10 Obtaining Digital Signatures on Public-Key Cryptosystems" by 
Rivest et al, April 4, 1977. 

Throughout the decrypting operation, the same control 
signal from logic circuit 12-7 which selects the instructions 
I* is sent to a set of AND gates 11-7 which in response 

15 permits the transfer of decryption key to file registers 
11-2. At the same time, that control signal is also sent to 
AND gates 11-5 which in response prohibits the transfer of 
signals on bus 11-4 to the I/O module. Consequently, during 
the only time intervals that the decryption key is being read 

20 and decrypted instructions are being sent to control memory 
CM, that decryption key and decrypted instructions are 
inaccessible to the outside world via the I/O bus. 

After the above-described decryption process is 
complete and the decrypted instructions have been stored in 

25 control memory CM, multiplexor 12-6 passes the decrypted 

instructions I from control memory CM to register 12-8. These 
instructions I are addressed under the control of program 
counter 12-3 and branch logic 12-4. This state of operaticri 
defines the even-numbered time intervals. 

30 Decrypted program modules in control memory CM ars 

executed until a branch is taken to an instruction in a 
program module which is not in control memory CM. When that 
occurs, a "CACHE MISS" signal is generated by control memory 
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M. Ir. r^sp:>iibt: thereto., control circuit 12-7 returns to its 
revivr^T stv^tr ir. which instructions I* from control memory 

ar- passed through multiplexor 12-6 to control store data 
.-giscer 12-8. Thereafter, another block of encrypted code is 
^crypztid according to the above-described process. 

One preferred er.bodiment of the invention has now 
•'•en ifs.-ribed in detail. In addition, however, many 

di?ir:a*-ions and changes can be made to those details without 
^parting frcT. the nature and spirit of the invention. 
„:cotdlngly, it is to be understood that the invention is not 
imited to said detailed embodiment but is defined by the 
^^penced clams. 
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APPENDIX 1: Computer Instructions for Encrypting and Decrypting 

The following code demonstrates the operation of raising a 
string of computer Instructions, which may be represented as an 
Array of integers, to a power modulo a modulus. This may be used 
for both the encryption and decryption operations. 

The example is presented in the computer language Pascal. 
It Is assumed that the following procedures have previously been 
provided! 

Iiu1 t iplyModulo - Multiplies two large numbers, returning zUe 
resulting product modulo a modulus, 

BitlsOn - A large number, represented as succession of bits, 
is supplied to this procedure. The least significant bit is 
referred to as bit zero, with more significant bits being 
numbered one, two, etcetera. The procedure is also supplied with 
the number of a bit to examine. The procedure examines the 
indicated bit in the large number. It returns a Boolean (True or 
False) value of True If and only If the examined bit has value 
one. 

TYPE LargeNumber = PACKED ARRAYCO. .Numbers i zel OF INTEGER; 

PROCEDURE Exponent tateliodulo 

(Message, Exponent, Modulus : LargeNumber; 

VAR Result 8 LargeNumber > I 

VAR I : INTEGER; 
BEGIN 

FOR lx>0 TO Numbers ize-1 DO Resul tt I3s«0; 
Resul tCNumberSi ze]:-i; 

FOR I j=NumberSize»BitsPerINTEGER TO 0 STEP -1 DO 
BEGIN 

MulttplyModuloCResult, Result, Modulus, Result); 
IF BitlsOn (Exponent, I) 

THEN Mul t iplyModulo (Message, Result, Modulus, Result) 

END 
END; 
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. A daca processing system that provides for the public 

»*ncryption ot software programs while simultaneously 
fcotecting agtainst the public decryption and piracy of said 
programs r coii>prised of: 
5 a plurality of microprocessors; 

eacl- microprocessor of said plurality having a unique 
and publicly accessible encryption key means for encrypting 
r.aid software programs in a unique fashion for each particular 
mi c r opr oce s so r ; 

10 each microprocessor of said plurality further having 

a unique decryption key means for decrypting said software 
programs that have been encrypted with the microprocessor's 
unique encryption key; 

said decryption key means in each microprocessor 

15 being imbedded therein in a fashion which makes the decryption 
key humanly imperceptible r and being of a type that is not 
determinable from said publicly accessible encryption key 
rr.e ans. 
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2. A system according to Claim 1 wherein each 

microprocessor of said plurality includes an arithmetic means 
for performing mathematical operations in response to 
externally supplied instructions, a first memory means for 

5 storing instructions that direct said arithmetic means to 
decrypt said encrypted programs via said decryption key, a 
second memory means for storing decrypted programs from Scu.:: 
arithmetic means, and control means for supplying instructions 
from said first and second memory means to said arithmetic 

0 means respectively during first and second interleaved time 
intervals. 



3. A system according to Claim 2 wherein said control 

means further includes means for permitting said decryption 
key means to be read within said microprocessor during only 
said first time intervals while simultaneously prohibiting 
5 transfers of said decryption key means and decrypted programs 
from said microprocessor. 



4. A system according to Claim 2 wherein said control 

means further includes a first program counter means for 
addressing said first memory means during said first time 
intervals, and a second program counter means for addressing 
5 said second memory means during both said first and second 
time intervals. 
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5* A systen according to Clain 2 wherein each 

ri crc;:'rrcesscr of said plurality is integrated on a respective 
s»^mi conductor chipr and said decryption key means is imbedded 
tnereir as a plurality of electrically progrannable fuses • 

^ . A systen according to Claim 2 wherein said encryption 

k>:y r^ear.s anl said decryption key means for each 
rr^cropr :'Ces>:or of said plurality respectively represent a 
unique pair of digits (e, n) and (d, n), said encrypted 
prograns are unencrypted programs raised to the power e modulo 
Hr and said instructions in said first memory means direct 
said arithmetic means to decrypt programs by raising said 
encrypted programs to the power d modulo n. 
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7. For use in a data processing system that provides for 

the public encryption of a software program while 
simultaneously protecting against the public decryption and 
software piracy of said program, a microprocessor comprised 
5 of: 

an encryption key means that is unique to said 
microprocessor and is publicly accessible; 

means for receiving said program after it has been 
encrypted via said publicly accessible encryption key means; 
10 a decryption key means that is unique to said 

microprocessor, is integrated into said microprocessor in a 
fashion which makes it humanly imperceptible, and is not 
determinable from said publicly accessible encryption key 
means; and 

15 means for decrypting the received program within said 

microprocessor via said decryption key means. 
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8. k {^dcropro cesser according to Claim 7 wherein said 
nears for decrypting includes an arithmetic means for 
perforning mathematical operations in response to externally 
supplied iristructions, a first memory means for storing 
instructions that direct said arithmetic means to decrypt said 
encrypted program via said decryption key, a second memory 
mean 5 for storing decrypted programs from said arithmetic 
jneai;;5, and control means for supplying instructions from said 
first and i.-:cond memory means to said arithmetic means 
respe-rtively during first and second interleaved time 
intervals. 

9. A microprocessor according to Claim 7 wherein said 
means for decrypting includes means for reading said 
decryption key within said microprocessor during only 
predetermined time intervals while simultaneously prohibiting 
transfers of said decryption key means and decrypted program 
from said microprocessor. 

10. A microprocessor according to Claim 7 wherein said 
micioprocessor is integrated on a single semiconductor chip, 
and said decryption key is imbedded therein as a plurality of 
electrically programmable fuses. 

11. A microprocessor according to Claim 7 wherein said 
encryption key means and said decryption key means 
respectively represent a unique pair of digits (e, n) and (d, 
n) f said encrypted program is an unencrypted program raised to 
the power e modulo n, and said means for decrypting raises 
said encrypted program to the power d modulo n. 



-21- 



0121853 



12. A method of encrypting and decrypting a software 

program including the steps of: 

integrating a unique and non-public decryption key 
into a data processor in a fashion which makes said decryption 
key humanly imperceptible; 

encrypting said program via a public encryption 
procedure which uses a public encryption key that is unique to 
said data processor; 

receiving said encrypted program in said data 
processor; and 

decrypting said received program in said data 
processor using a public decryption procedure together with 
said non-public decryption key. 
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